public boolean allowNotificationFor(Username username) { return securityService.isUserAdmin(username); } }
public void checkPipelineGroupOperateUserAnd403(Request request, Response response) { if (!securityService.isSecurityEnabled() || securityService.isUserAdmin(currentUsername())) { return; } String groupName = findPipelineGroupName(request); if (!securityService.hasOperatePermissionForGroup(currentUserLoginName(), groupName)) { throw renderForbiddenResponse(); } }
private boolean authorizedToViewPipeline(Username username, String pipelineName) { return securityService.hasViewPermissionForPipeline(username, pipelineName); }
public boolean canViewAdminPage(Username username) { return isUserAdmin(username) || isUserGroupAdmin(username) || isAuthorizedToViewAndEditTemplates(username) || isAuthorizedToViewTemplates(username); }
public boolean canCreatePipelines(Username username) { return isUserAdmin(username) || isUserGroupAdmin(username); }
public boolean hasViewOrOperatePermissionForPipeline(Username username, String pipelineName) { return hasViewPermissionForPipeline(username, pipelineName) || hasOperatePermissionForPipeline(username.getUsername(), pipelineName); }
public void checkAnyAdminUserAnd403(Request request, Response response) { if (!securityService.isSecurityEnabled()) { return; } if (!(securityService.isUserAdmin(currentUsername()) || securityService.isUserGroupAdmin(currentUsername()) || securityService.isAuthorizedToViewAndEditTemplates(currentUsername()))) { throw renderForbiddenResponse(); } }
public void checkAdminOrTemplateAdminAnd403(Request request, Response response) { if (!securityService.isSecurityEnabled() || securityService.isUserAdmin(currentUsername())) { return; } String templateName = request.params("template_name"); if (StringUtils.isNotBlank(templateName) && !securityService.isAuthorizedToEditTemplate(new CaseInsensitiveString(templateName), currentUsername())) { throw renderForbiddenResponse(); } if (StringUtils.isBlank(templateName) && !securityService.isAuthorizedToViewAndEditTemplates(currentUsername())) { throw renderForbiddenResponse(); } }
public void checkViewAccessToTemplateAnd403(Request request, Response response) { if (!securityService.isSecurityEnabled() || securityService.isUserAdmin(currentUsername())) { return; } String templateName = request.params("template_name"); if (StringUtils.isNotBlank(templateName) && !securityService.isAuthorizedToViewTemplate(new CaseInsensitiveString(templateName), currentUsername())) { throw renderForbiddenResponse(); } if (StringUtils.isBlank(templateName) && !securityService.isAuthorizedToViewTemplates(currentUsername())) { throw renderForbiddenResponse(); } }
public void checkPipelineGroupAdminUserAnd403(Request request, Response response) { if (!securityService.isSecurityEnabled() || securityService.isUserAdmin(currentUsername())) { return; } String groupName = findPipelineGroupName(request); if (!securityService.isUserAdminOfGroup(currentUsername(), groupName)) { throw renderForbiddenResponse(); } }
public List<String> modifiableGroupsForUser(Username userName) { if (isUserAdmin(userName)) { return goConfigService.allGroups(); } List<String> modifiableGroups = new ArrayList<>(); for (String group : goConfigService.allGroups()) { if (isUserAdminOfGroup(userName.getUsername(), group)) { modifiableGroups.add(group); } } return modifiableGroups; }
public void checkAdminUserOrGroupAdminUserAnd403(Request request, Response response) { if (!securityService.isSecurityEnabled()) { return; } if (!(securityService.isUserAdmin(currentUsername()) || securityService.isUserGroupAdmin(currentUsername()))) { throw renderForbiddenResponse(); } }
public List<TemplateToPipelines> getTemplatesList(Username username) { List<TemplateToPipelines> templateToPipelinesForUser = new ArrayList<>(); List<Role> roles = goConfigService.rolesForUser(username.getUsername()); Map<CaseInsensitiveString, Map<CaseInsensitiveString, Authorization>> allTemplatesAssociatedWithPipelines = goConfigService.getCurrentConfig().templatesWithAssociatedPipelines(); for (CaseInsensitiveString templateName : allTemplatesAssociatedWithPipelines.keySet()) { if (securityService.isAuthorizedToViewTemplate(templateName, username)) { Map<CaseInsensitiveString, Authorization> pipelinesWithAuthorization = allTemplatesAssociatedWithPipelines.get(templateName); TemplateToPipelines templateToPipelines = new TemplateToPipelines(templateName, securityService.isAuthorizedToEditTemplate(templateName, username), securityService.isUserAdmin(username)); templateToPipelinesForUser.add(templateToPipelines); for (CaseInsensitiveString pipelineName : pipelinesWithAuthorization.keySet()) { templateToPipelines.add(new PipelineEditabilityInfo(pipelineName, canAuthorizedTemplateUserEditPipeline(username, roles, pipelinesWithAuthorization.get(pipelineName)), goConfigService.isPipelineEditable(pipelineName))); } } } return templateToPipelinesForUser; }
private boolean hasViewPermissionWorkaroundForNonExistantPipelineBug_4477(CaseInsensitiveString pipelineName, Username username) { if (!goConfigService.hasPipelineNamed(pipelineName)) { throw new RecordNotFoundException(); } if (securityService.isUserAdmin(username)) { return true; } // we check if pipeline exists because this method returns true in case the group or pipeline does not exist! return securityService.hasViewPermissionForPipeline(username, pipelineName.toString()); }
public boolean hasOperatePermissionForStage(String pipelineName, String stageName, String username) { if (!goConfigService.isSecurityEnabled()) { return true; } if (!goConfigService.hasStageConfigNamed(pipelineName, stageName)) { return false; } StageConfig stage = goConfigService.stageConfigNamed(pipelineName, stageName); CaseInsensitiveString userName = new CaseInsensitiveString(username); //TODO - #2517 - stage not exist if (stage.hasOperatePermissionDefined()) { CruiseConfig cruiseConfig = goConfigService.getCurrentConfig(); String groupName = goConfigService.findGroupNameByPipeline(new CaseInsensitiveString(pipelineName)); PipelineConfigs group = goConfigService.getCurrentConfig().findGroup(groupName); if (isUserAdmin(new Username(userName)) || isUserAdminOfGroup(userName, group)) { return true; } return goConfigService.readAclBy(pipelineName, stageName).isGranted(userName); } return hasOperatePermissionForPipeline(new CaseInsensitiveString(username), pipelineName); }
public boolean securityEnabled() { return securityService.isSecurityEnabled(); }
String name = CaseInsensitiveString.str(username.getUsername()); if (request.getMethod().equalsIgnoreCase("get")) { if (!securityService.hasViewPermissionForPipeline(username, pipelineName)) { response.sendError(SC_FORBIDDEN); return false; if (!securityService.hasOperatePermissionForStage(pipelineName, stageName, name)) { response.sendError(SC_FORBIDDEN); return false; if (!securityService.hasOperatePermissionForPipeline(username.getUsername(), pipelineName)) { response.sendError(SC_FORBIDDEN); return false;
private boolean isCurrentUserAdminOfGroup(String groupName) { return securityService.isUserAdminOfGroup(getCurrentUsername(), groupName); }
private boolean hasViewOrOperatePermissionForGroup(Username username, String group) { return securityService.hasViewPermissionForGroup(CaseInsensitiveString.str(username.getUsername()), group) || securityService.hasOperatePermissionForGroup(username.getUsername(), group); }
private boolean isUserAuthorized() { if (!securityService.isAuthorizedToEditTemplate(templateConfig.name(), currentUser)) { result.forbidden(forbiddenToEdit(), forbidden()); return false; } return true; }